EdgeSight: Reporting on Alerts

EdgeSight allows you to create alerts that trigger on many criteria. In this post, we will configure an alert and show how to query the database directly to get this information.

Creating an alert

For the purposes of this post, I have created a Process Hung alert for outlook.exe. This is a built-in Application Error alert that can trigger on the EXE file name, the application description, the process file version, and/or the process company name. The actual alert will show up in the Farm Monitor and Alert List view under the Monitor Tab in the EdgeSight console.

Now you will get a near real-time alert in the console that looks like this:

I found that this alert triggered quite often, and while you can use the “Process Not Responding Alert” report, this blog is all about pulling back the veil.

The Query

We will use the VW_ES_ARCHIVE_ALERT view for this query. Here is an example of all the columns in this view (customer specific information hidden):

For our purposes, I want to get the date of the alert, the machine name, the username, the process name, the process description, and the actual text of the alert.

If you look at the alert_text field, you will see some information that doesn’t look right. You can see “Microsoft Office Outlook”, a weird character, and a series of numbers. These numbers are in fact the actual process hang measured in milliseconds. You can see this if you go back to the farm monitor and select the detail for an alert:

You have the information you need to determine who is having a really long delay, but how can we sort or organize this delay information? There is no built-in MSSQL function to break this column up into two useful fields. A Google search pointed me to a user-written function that will strip non-alphanumeric characters from a column.
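
As an added example (not code from the original post, and not the user-written function it refers to), the split can also be done by composing built-in string functions: find the trailing run of digits in alert_text and cast it to a number so the hangs can be sorted. The sample rows are constructed, and because the post does not identify the odd separator character, NCHAR(1) stands in for it as an assumption, as does the assumption that exactly one separator character precedes the digits.

```sql
-- Constructed sample data: only the alert_text column named in the post is used.
-- NCHAR(1) is a stand-in for the unidentified separator character (assumption).
DECLARE @alerts TABLE (alert_text nvarchar(256));

INSERT INTO @alerts (alert_text) VALUES
    (N'Microsoft Office Outlook' + NCHAR(1) + N'45012'),
    (N'Microsoft Office Outlook' + NCHAR(1) + N'7250'),
    (N'Microsoft Office Outlook' + NCHAR(1) + N'131874'),
    (N'Microsoft Office Outlook');              -- edge case: no trailing number

SELECT
    p.process_description,
    p.hang_ms
FROM @alerts AS a
CROSS APPLY (
    -- Length of the trailing digit run: position of the first non-digit in the
    -- reversed string, minus one. The appended 'x' guarantees a non-digit exists,
    -- and the binary collation keeps [0-9] from matching other digit-like characters.
    SELECT digits = PATINDEX(N'%[^0-9]%',
                             (REVERSE(a.alert_text) + N'x') COLLATE Latin1_General_BIN) - 1
) AS d
CROSS APPLY (
    SELECT
        -- Everything before the separator; the extra -1 drops the one separator character.
        process_description =
            CASE WHEN d.digits > 0 AND d.digits < LEN(a.alert_text)
                 THEN LEFT(a.alert_text, LEN(a.alert_text) - d.digits - 1)
                 ELSE a.alert_text
            END,
        -- Hang time in milliseconds; NULL when the text carries no usable number.
        hang_ms =
            CASE WHEN d.digits BETWEEN 1 AND 18
                 THEN CAST(RIGHT(a.alert_text, d.digits) AS bigint)
            END
) AS p
ORDER BY p.hang_ms DESC;                        -- longest hangs first, NULLs last
```

To run it against real data, replace the table variable with the VW_ES_ARCHIVE_ALERT view and add the date, machine, user and process columns you need.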